Jetpack Boost Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the Jetpack Boost WordPress plugin, affecting versions prior to 3.4.7. This vulnerability allows administrators to make GET requests to arbitrary URLs, potentially leading to unauthorized access or manipulation of data.

Impact

Exploitation of this vulnerability could allow an authenticated administrator to perform SSRF attacks, which could be used to access internal services or resources that are not normally exposed to the public.

Remediation

Users can update to Jetpack Boost version 3.4.7 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 0.0
exploitability: 5.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.